A. Field of Invention
The present invention relates to computer memory devices, and, more specifically, to mechanisms for restoring critical data to computer memory devices.
B. Description of Related Art
Modern computer long-term memory storage devices, such as, but not limited to IDE drives, are able to “hide” data from their host computer's operating system. For example, an IDE drive might be 12 GB, with 10 GB not hidden and 2 GB hidden. The entire 12 GB of the drive might have data on it, but an operating system, such as Windows®, would only be able to access the non-hidden 10 GB. Special programs that bypass the operating system and address the drive directly may read this “hidden” data.
The commands that allow for hiding of data do not actually change the data stored on a drive, but change how a drive responds to certain commands. For instance, one of the commands reduces the effective size of the drive by making data stored above a certain location inaccessible to the host computer's operating system. In order to avoid confusing the operating system, the drive reports this smaller size as its true size. In order for the operating system to have access to data above this new reported size, a skilled operator would need to reset the drive's size back to its full size and then issue appropriate commands to have the operating system recognize the drive's larger size. These steps require changes to the data in the drive.
One legitimate example of this “hiding” feature being used is a computer manufacturer, such as Hewlett-Packard of Palo Alto, Calif., putting configurations files on a drive but hiding them from users. In this fashion most users are prevented from modifying the configuration files, as they do not have the expertise and/or access to special programs, or the knowledge that there are hidden files on their computer. A manufacturer could copy an operating system installation data to a “hidden” area. Since the manufacturer knows that the operating system is in the “hidden” area, the manufacturer could write a series of utilities to extract drivers and/or other files, which may be needed from time to time. The manufacturer in this case would have a reasonable expectation that these files would be available and unmodified if needed, whereas if the files were in a non-hidden area, the files may be modified and/or deleted through operator error.
Unfortunately, lawbreakers can use this “hidden” feature as well. Pedophiles may store illegal images in the “hidden” area. Terrorists may store their plans in the “hidden” area. Corporate spies may hide confidential data in the “hidden” area. There is an obvious need for Police and other law enforcement as well as security officers to be able to access “hidden” areas on computer long-term memory storage devices.
There are many situations where law enforcement or security officials need to examine and/or copy a storage device and leave it in its original state. If the size reported by an Identify Device request is not reset, the operating system of the original host computer may not be able to access the drive properly. If a suspect's computer suddenly starts malfunctioning in this way, he may be tipped off and modify his behavior. Law enforcement officials may check a suspected and/or paroled pedophile's computer for illegal images. If illegal images are found, law enforcement officials may monitor the suspect's actions in an effort to identify his contacts. Therefore, it is important that the suspect does not know that his computer was searched. Security officers have similar concerns when investigating terrorists and spies.
There are a number of known conventional techniques for restoring critical data to long-term storage devices. One class of early techniques revolves around connecting a storage device to a host computer and running software on the host to open and restore critical data. There are three major problems with these techniques. First, some operating systems, such as the Windows® operating systems from Microsoft Corporation, may modify the storage device when accessing files on the device, even if the user is only trying to read files from the device. In addition, during startup, operating systems such as Windows® will write up to hundreds of megabytes of data to a storage device as the operating system initializes. Secondly, a trained operator is required to properly connect the storage device to a host and run the specialized software. Thirdly the simple act of connecting a storage device to a standard host may damage the device or change its storage state.
There are many situations in which it is desirable to allow data to be read from a non-volatile long-term memory storage device, such as a computer hard drive, but not allow data to be written to the device. For example, law enforcement officials have occasion to confiscate long-term memory storage devices. Once confiscated, the law enforcement officials need to be able to examine and copy the storage device without changing the storage state of the device. Therefore, for the purposes of law enforcement officials and security officers, these techniques are not optimal.
A second class of restoring critical data to drive controllers revolves around the use of a write protecting device, such as our U.S. patent application Ser. No. 09/961,417 and specialized software run on a host computer. The write protecting device protects the storage device from any changes as discussed above. However, a skilled operator is required to run the software.
A third class of restoring critical data to drive controllers revolves around the use of stand-alone devices such as Ser. No. 09/961,417 with a simple user interface. This user interface could show a user critical drive information. A user could then write down this information. This class of device could have a user interface that would enable a user to then enter this information and in this way restore critical data. However, this would make this class of device larger, more expensive, more difficult to use, and open to the possibility of alerting a suspect if the incorrect information is entered.
There are two considerations currently unmet within the art. There is an obvious benefit if a restoring device could indicate to an operator that the drive has been correctly restored. Furthermore, there is an obvious benefit if a restoring device included systems and methods to protect critical data in the event of a power failure.
The above discussion has focused on IDE drives and restoring information reported by an Identify Device command, but our invention is not limited to these. One skilled in the art will appreciate that other drive types, such as USB and FireWire, have similar concerns and that information other than the drive size may need to be restored.
Accordingly, there is a need in the art for an improved mechanism for restoring critical drive information in a memory device, such as a disk drive.